Re: [Syslog] Use Of RFC 5425 In IEC 62351

tom petch <ietfc@btconnect.com> Tue, 07 December 2021 12:25 UTC

From: tom petch <ietfc@btconnect.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, Arijit Bose <arijit.bose@hitachienergy.com>, "sean+ietf@sn3rd.com" <sean+ietf@sn3rd.com>, "sean@sn3rd.com" <sean@sn3rd.com>, "syslog@ietf.org" <syslog@ietf.org>, "joe@salowey.net" <joe@salowey.net>
CC: "IEC 62351 WG15 (WG15@iectc57.org)" <WG15@iectc57.org>
Date: Tue, 07 Dec 2021 12:24:58 +0000
Message-ID: <AM7PR07MB62482C31A6F498F92901D51EA06E9@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB6248F18CCCFD356C7C901EFCA06D9@AM7PR07MB6248.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/ebMM1dpit6SI5gOV_JjduprsmGo>

Arijit

My message got a bounce from WG15 which is not unexpected.


Tom Petch

________________________________________
From: Syslog <syslog-bounces@ietf.org> on behalf of tom petch <ietfc@btconnect.com>
Sent: 06 December 2021 17:31

From: Syslog <syslog-bounces@ietf.org> on behalf of Chris Lonvick <lonvick.ietf@gmail.com>
Sent: 28 November 2021 21:22

Hello Arijit and All,

Speaking as an individual (not representing the IETF or any Working Group), the work we did for the syslog protocol was never intended to be insecure. I would make two suggestions:

- create a new Internet Draft that will deprecate the insecure cypher suite from the RFC; and

- specify the implementation and deployment of the cypher suites in your IEC documents as you suggest below and cite the Internet Draft as updating the RFC.

I'm cc'ing the current IETF Security ADs and adding Joe's contact email.

<tp>

Also as an individual active in the IETF.
Trimming the cc: since the mailer has limits and especially ietf-action which is for admin problems with the website.

I think that there are many more problems.  The current security protocol is TLS1.3 which is very different to TLS1.2 in how the security options are structured.  I have seen some WG seeking to update their RFC for how to make protocol XXXX secure; AFAIK none have succeeded in producing an RFC yet (excepting, perhaps, the TLS WG).

RFC5425 assumes that life will go on as before with new ciphersuites but IMHO TLS1.3 tore up the rule book and rendered that approach impossible requiring a much greater consideration of the options (e.g. PSK).  (Indeed I see some sectors saying that TLS1.3 cannot be made suitable).

There is also the question of what is a match for a certificate.  At the time of this RFC, every WG was RYO.  Later an IETF-wide RFC6125 was produced but this is now regarded as inadequate and there is a draft 6125bis which would need to be considered.

And then the IETF in general might regard NETCONF/YANG as where it wants to put its efforts rather than such as Syslog (or SMI).

You mention getting no reply from the first two authors of the RFC; I cannot recall seeing anything of them in the past decade or so.

Tom Petch

Best regards,

Chris

On 11/22/21 10:30 AM, Arijit Bose wrote:
Dear all,


I am also looping the email address ietf-action@ietf.org for this same query.


With best regards
Arijit



From: Arijit Bose
Sent: Monday, November 22, 2021 2:40 PM
To: jsalowey@cisco.com; clonvick@cisco.com; lonvick.ietf@gmail.com; ietfdbh@comcast.net; turners@ieca.com; sean+ietf@sn3rd.com; sean@sn3rd.com; syslog@ietf.org
Cc: IEC 62351 WG15 (WG15@iectc57.org) <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351
Importance: High

Dear all,

My name is Arijit Kumar Bose and I am a member of IEC 62351 TC 57 WG15 (IEC 62351 - Wikipedia: https://en.wikipedia.org/wiki/IEC_62351).

For the development of an IEC cybersecurity standard for electrical power systems, we (WG15) are trying to reference RFC 5425 and adopt its specifications. However, RFC 5425 specifies TLS_RSA_WITH_AES_128_CBC_SHA, which is currently an insecure and deprecated cipher suite (Ciphersuite Info: https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/). Therefore, we are trying to adopt stronger cipher suites in accordance with IEC 62351-3 (IEC 62351-3:2014+AMD1:2018+AMD2:2020 CSV, IEC Webstore: https://webstore.iec.ch/publication/66624). IEC 62351-3 specifies a set of stronger state-of-the-art cipher suites and thus defines a profile on how to apply TLS, addressing authentication, cipher suite requirements, renegotiation, etc. Therefore, we would like to use the state-of-the-art cipher suites as specified in IEC 62351-3 and also mandatorily refer to RFC 5425, including the usage of its port number 6514 for transporting secure syslog traffic. Our understanding would be that this does not violate RFC 5425, as section 4.2 of RFC 5425 allows that stronger cipher suites may also be used.
Would it be allowed if we normatively (mandatorily) refer to RFC 5425 to secure SYSLOG traffic, including the use of the TCP port number 6514, but adopt the stronger cipher suites that are specified in IEC 62351-3 instead of the weak cipher suite indicated above? By adopting this, will it make our IEC standard non-compliant with RFC 5425?
I and WG15 are looking forward to your answer on this topic. We appreciate any input on the same.
Thanks in advance!
With best regards
Arijit


Arijit Kumar Bose
Global Cyber Security Architect - Power Grids High Voltage | Software Development Independent Expert

ul. Pawia 7
malopolskie
31-154 Krakow, Poland
Mobile: +48 666 881 680
E-mail: arijit.bose@hitachienergy.com
https://www.hitachienergy.com/

From: Arijit Bose
Sent: Monday, November 22, 2021 11:49 AM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 (WG15@iectc57.org) <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

A second friendly reminder for this below aspect. We(WG15) are looking forward to your reply on this.

With best regards
Arijit



From: Arijit Bose
Sent: Wednesday, November 17, 2021 12:49 PM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 (WG15@iectc57.org) <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

A friendly reminder for your input/suggestion on this topic as expressed below.

With best regards
Arijit



From: Arijit Bose
Sent: Friday, November 12, 2021 11:17 AM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 (WG15@iectc57.org) <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

Since I got an automatically generated reply stating that the message to miaofy@huawei.com and myz@huawei.com was undelivered, indicating that most probably their email addresses are no longer valid and thus could not be found, it would be very helpful if you could please help us (WG15) with your valuable input / suggestion on the topic below.

We are looking forward to your reply on this!

With best regards
Arijit



From: Arijit Bose
Sent: Wednesday, November 10, 2021 10:48 AM
To: miaofy@huawei.com; myz@huawei.com; jsalowey@cisco.com
Subject: Use Of RFC 5425 In IEC 62351

Dear all,

My name is Arijit Kumar Bose and I am a member of IEC 62351 TC 57 WG15 (IEC 62351 - Wikipedia: https://en.wikipedia.org/wiki/IEC_62351).

For the development of an IEC cybersecurity standard for electrical power systems, we (WG15) are trying to reference RFC 5425 and adopt its specifications. However, RFC 5425 specifies TLS_RSA_WITH_AES_128_CBC_SHA, which is currently an insecure and deprecated cipher suite (Ciphersuite Info: https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/). Therefore, we are trying to adopt stronger cipher suites in accordance with IEC 62351-3 (IEC 62351-3:2014+AMD1:2018+AMD2:2020 CSV, IEC Webstore: https://webstore.iec.ch/publication/66624). IEC 62351-3 specifies a set of stronger state-of-the-art cipher suites and thus defines a profile on how to apply TLS, addressing authentication, cipher suite requirements, renegotiation, etc. Therefore, we would like to use the state-of-the-art cipher suites as specified in IEC 62351-3 and also mandatorily refer to RFC 5425, including the usage of its port number 6514 for transporting secure syslog traffic. Our understanding would be that this does not violate RFC 5425, as section 4.2 of RFC 5425 allows that stronger cipher suites may also be used.
Would it be allowed if we normatively (mandatorily) refer to RFC 5425 to secure SYSLOG traffic, including the use of the TCP port number 6514, but adopt the stronger cipher suites that are specified in IEC 62351-3 instead of the weak cipher suite indicated above? By adopting this, will it make our IEC standard non-compliant with RFC 5425?
I and WG15 are looking forward to your answer on this topic. We appreciate any input on the same.
Thanks in advance!
With best regards
Arijit
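As an added illustration of the policy the thread circles around (this is not code from the thread, from RFC 5425 or from IEC 62351-3), the following Python sketches a client-side TLS configuration for RFC 5425 transport: TLS 1.2 as the floor so TLS 1.3 is negotiated where available, only AEAD suites with forward secrecy offered for TLS 1.2, the RFC 5425 mandatory-to-implement TLS_RSA_WITH_AES_128_CBC_SHA therefore excluded, RFC 6125-style host name matching, port 6514, and RFC 5425 octet-counting framing. The collector host name, CA file path and sample message are placeholders; the suite classifier works on IANA suite names as used in the RFC and in IEC 62351-3.

```python
"""Client-side TLS policy for RFC 5425 syslog transport (added example).

Assumptions (not from the thread): the collector name, the CA file path
and the sample message are placeholders constructed for illustration.
"""
import re
import socket
import ssl

SYSLOG_TLS_PORT = 6514                       # port assigned by RFC 5425

# Suite-name patterns (IANA form) that disqualify a TLS 1.2 suite: static
# RSA key exchange (no forward secrecy), CBC mode, SHA-1 MAC, or
# NULL/export/legacy algorithms.
_WEAK = re.compile(r"^TLS_RSA_WITH_|_CBC_|_SHA$|NULL|EXPORT|RC4|3DES|MD5")


def suite_is_acceptable(iana_name):
    """True only for AEAD suites with forward secrecy (or any TLS 1.3 suite)."""
    if iana_name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True                          # TLS 1.3 suites: AEAD, (EC)DHE
    if _WEAK.search(iana_name):
        return False
    return "_GCM_" in iana_name or "CHACHA20" in iana_name


def build_client_context(ca_file=None):
    """TLS 1.2 floor, AEAD-only TLS 1.2 suites, certificate and name checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL list for TLS 1.2; TLS 1.3 suites are configured separately by
    # OpenSSL and are all AEAD with (EC)DHE, so they need no filtering here.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!SHA1")
    ctx.check_hostname = True                # RFC 6125-style name matching
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file is not None:
        ctx.load_verify_locations(ca_file)   # trust anchor for the collector
    return ctx


def offered_suites(ctx):
    """OpenSSL names of the suites this context will offer."""
    return [c["name"] for c in ctx.get_ciphers()]


def frame(msg):
    """RFC 5425 octet-counting frame: MSG-LEN SP SYSLOG-MSG."""
    return str(len(msg)).encode("ascii") + b" " + msg


def send_message(msg, host="collector.example", ca_file="collector-ca.pem"):
    """Deliver one framed message; returns the negotiated (suite, version)."""
    ctx = build_client_context(ca_file)
    with socket.create_connection((host, SYSLOG_TLS_PORT)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame(msg))
            name, version, _bits = tls.cipher()
            return name, version
```

`offered_suites` is there so the effective TLS 1.2 offer can be inspected before deployment; `AES128-SHA` (OpenSSL's name for the RFC 5425 mandatory suite) must not appear in it.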